Researchers speaking at the Black Hat computer security conference described three scenarios for hacking digital asset exchanges.
According to the experts, many crypto trading platforms, despite attempts to strengthen their security, remain vulnerable to hacking. Omer Shlomovits, co-founder of KZen, and Jean-Philippe Aumasson, co-founder of the exchange security firm Taurus Group, believe that cyberattacks on digital asset exchanges fall into three categories:
- Internal (insider) attacks
- Attacks based on the relationship between users and the project
- Attacks involving the extraction of secret keys
Internal attacks rely on an insider. The insider looks for loopholes, for example by checking whether access can be gained through the platform's code base, and may use proxies to obtain the tools needed for the attack.
One example of an internal attack exploits a vulnerability in the project's libraries: through an update mechanism, the attacker can alter parts of the key, producing a denial of service in which account holders lose access to their funds on the exchange.
An attack that exploits the exchange-user relationship is based on manipulation. For example, attackers can send a platform's client a request, purportedly from the exchange, asking them to confirm data; the information obtained then gives the attackers access to the victims' accounts.
The third option can be carried out at the moment the trusted parties receive their parts (shares) of the access key. Each share comes with randomly generated values that are supposed to be publicly verified. According to the researchers, not all trading platforms pay attention to this step, so an attacker can substitute other values for parts of the keys and ultimately gain access to the victims' funds.
The experts cited Binance as an example of an exchange that did not check these values for a long period of time; the project's developers only corrected the flaw in March of this year.
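The public share check described above, as an added example that is not from the article or the researchers' talk: it assumes Feldman-style verifiable secret sharing (the article does not name the scheme) with constructed toy parameters, and shows an honest share passing and a substituted share failing the check.

```python
import secrets

# Constructed toy parameters (assumption): safe prime P = 2*Q + 1, and G
# generates the order-Q subgroup. Real deployments use ~256-bit curve groups.
Q = 1019
P = 2 * Q + 1          # 2039, prime
G = 4                  # a quadratic residue mod P, so it has order Q

def deal(secret, threshold, n):
    """Dealer side: Shamir shares of `secret` plus Feldman commitments."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {}
    for i in range(1, n + 1):
        shares[i] = sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
    commitments = [pow(G, c, P) for c in coeffs]   # published to every party
    return shares, commitments

def verify_share(index, share, commitments):
    """Receiver side: the check the article says not every exchange performs.
    Accept share s_i only if G^s_i == prod_j C_j^(i^j) (mod P)."""
    lhs = pow(G, share, P)
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(index, j, Q), P) % P
    return lhs == rhs

def reconstruct(points):
    """Lagrange interpolation at x=0 over Z_Q from `threshold` shares."""
    total = 0
    for i, s in points.items():
        num = den = 1
        for k in points:
            if k != i:
                num = num * (-k) % Q
                den = den * (i - k) % Q
        total = (total + s * num * pow(den, -1, Q)) % Q
    return total

def demo():
    secret = 777                                   # constructed toy secret
    shares, comms = deal(secret, threshold=2, n=3)
    honest = all(verify_share(i, s, comms) for i, s in shares.items())
    # A party that hands out a substituted share value fails the public check.
    tampered_ok = verify_share(1, (shares[1] + 1) % Q, comms)
    recovered = reconstruct({1: shares[1], 2: shares[2]})
    return honest, tampered_ok, recovered == secret

if __name__ == "__main__":
    print(demo())   # (True, False, True)
```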